firewalls

Unanswered Question
Mar 9th, 2007

Hi all, when configuring a firewall, say a PIX 501, is all traffic allowed outbound by default? So if I use PAT to get to the internet for the 192.168.1.0 range, will all hosts be allowed out by default?

spremkumar Fri, 03/09/2007 - 01:20

Hi Carl


By default, outbound traffic will be permitted and you can access the net using the NAT/PAT feature.

If you want to have some kind of inbound access, then you need to create proper access lists to allow the remote IPs to access your local resources.

Also, do remember you need to have one-to-one NAT configured for inbound access.



regds


carl_townshend Fri, 03/09/2007 - 02:19

Thank you. I gather this is the same for the DMZ: inside can connect to the DMZ but not the other way around unless an access list is in place to allow it?

spremkumar Fri, 03/09/2007 - 02:25

Hi Carl


To put it on a simple note, anything from a High Security Zone to a Low Security Zone (Inside to Outside/DMZ) is permitted with the necessary NAT statements.

You need to have access lists to permit traffic from a Low Security Zone to a High Security Zone (Outside to DMZ, or DMZ to Inside, or Outside to Inside).



regds
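
The rules discussed in this thread, written out as an added PIX OS 6.x configuration sketch (not posted by either participant). Assumptions: a model with a third `dmz` interface (the PIX 501 itself has only inside and outside), a constructed DMZ subnet 172.16.1.0/24, the documentation address 203.0.113.10 as the public IP, and made-up access-list names.

```cisco
: Added example. Only 192.168.1.0/24 comes from the thread; other addresses are constructed.
: Interfaces and security levels (higher number = more trusted)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

: Outbound (high -> low): no access list needed, only translation.
: PAT every 192.168.1.0/24 host to the outside interface address.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
: The same NAT id lets inside hosts reach the DMZ, PATed to the dmz interface address.
global (dmz) 1 interface

: Inbound (low -> high): a one-to-one static AND an access list are both required.
: Outside -> DMZ web server 172.16.1.10, published as 203.0.113.10
static (dmz,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

: DMZ -> inside: only the web server may reach one inside host, on SMTP only.
: Identity static keeps 192.168.1.20 reachable from the dmz under its own address.
static (inside,dmz) 192.168.1.20 192.168.1.20 netmask 255.255.255.255
access-list dmz_in permit tcp host 172.16.1.10 host 192.168.1.20 eq smtp
access-group dmz_in in interface dmz
```

Once an access list is bound to an interface, its implicit deny replaces the default permit for traffic entering that interface, so `dmz_in` as written also stops DMZ hosts from initiating connections to the outside.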

